fix: circular dependency

Bertrand Lanson 2024-05-25 18:27:03 +02:00
parent 39371c8503
commit 8a5a85f33f
Signed by: lanson
SSH Key Fingerprint: SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw


@ -1,7 +1,11 @@
locals {
tenant_admin_policies = ["default", "${var.tenant_name}-admin"]
}
resource "vault_approle_auth_backend_role" "tenant_admin" { resource "vault_approle_auth_backend_role" "tenant_admin" {
backend = var.global_approle_mount backend = var.global_approle_mount
role_name = "${var.tenant_name}-admin" role_name = "${var.tenant_name}-admin"
token_policies = ["default", "${vault_policy.tenant_admin.name}"] token_policies = local.tenant_admin_policies
} }
resource "random_uuid" "tenant_admin_secret_id" {} resource "random_uuid" "tenant_admin_secret_id" {}
@ -22,5 +26,5 @@ resource "vault_identity_entity" "tenant_admin" {
resource "vault_policy" "tenant_admin" { resource "vault_policy" "tenant_admin" {
name = "${var.tenant_name}-admin" name = "${var.tenant_name}-admin"
policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix, admin_policies = vault_approle_auth_backend_role.tenant_admin.token_policies }) : file(var.tenant_admin_policy_file) policy = var.tenant_admin_policy_file == null ? templatefile("${path.module}/policies/tenant-admins.policy.hcl", { tenant_prefix = var.tenant_prefix, admin_policies = local.tenant_admin_policies }) : file(var.tenant_admin_policy_file)
} }
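Review bot: With `token_policies = local.tenant_admin_policies`, the AppRole role no longer references `vault_policy.tenant_admin`, so Terraform is free to create the role before the policy exists. As far as I know Vault does not check that a named policy exists when it is attached to a role, so a login in that window would yield a token that effectively carries only `default`. Adding `depends_on = [vault_policy.tenant_admin]` to the role restores the ordering without recreating the cycle, since the policy now reads only the local. The string `"${var.tenant_name}-admin"` is also written out separately in the local, in `role_name` and in the policy `name`; a single `tenant_admin_policy_name` local used for both the list entry and `vault_policy.tenant_admin.name` would keep the role from ending up bound to a policy name this module does not manage if one of them is later edited.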